News
- Cisco patched a maximum-severity flaw impacting Identity Services Engine and ISE Passive Identity Connector
- The flaw allowed threat actors to run arbitrary code on the underlying OS
- It was patched in versions 3.3 and 3.4
A maximum-severity vulnerability was recently discovered, and patched, in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). This flaw allowed threat actors to execute arbitrary code, with elevated privileges, on the operating system of the devices running the tools.
ISE is a network security policy management and access control platform, helping organizations centrally manage who and what can connect to their network. The ISE-PIC, on the other hand, is a lightweight service that collects identity information about users and devices without requiring them to authenticate via traditional methods.
Both tools are typically used by enterprise IT and cybersecurity teams that manage large or complex network environments.
The importance of patchingRecently, security researcher Kentaro Kawane, from GMO Cybersecurity, discovered an insufficient validation of user-supplied input vulnerability that could be exploited by submitting a crafted API request. Valid credentials are not required to abuse the flaw.
It is tracked as CVE-2025-20337, and was given a severity score of 10/10 (critical). It affects releases 3.3 and 3.4 of the tools, regardless of device configuration. However, releases 3.2 or older are not affected.
Cisco addressed the flaws in these versions:
- Cisco ISE or ISE-PIC Release 3.3 (Fixed in 3.3 Patch 7)
- Cisco ISE or ISE-PIC Release 3.4 (Fixed in 3.4 Patch 2)
The good news is that there is no evidence the vulnerability has been exploited in the wild by malicious actors. However, cybercriminals are known for targeting organizations only after a bug was made public, since many entities don’t rush to apply the patches. By keeping hardware and software outdated, organizations are keeping their back doors wide open, and criminals are getting an easy way into the premises.
Therefore, it would be good practice to apply the patches as soon as possible and prevent possible attacks.
Via The Hacker News
You might also like- Cisco warns over worrying security flaws in ISE affecting AWS, Azure cloud deployments - here's what you need to know
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
- Netflix has announced an Assassin's Creed TV series is coming to the streamer
- It has been in the making for almost five years but we don't have much information yet
- The plot describes the series as "a high-octane thriller centered on the secret war between two shadowy factions"
Netflix has greenlit an Assassin's Creed TV adaptation, giving me hope once again after previous attempts to adapt the video game for the screen have flopped.
In 2016, the Michael Fassbender led movie was critically panned and received an 18% Rotten Tomatoes critical score. But news that the story is coming to one of the best streaming services has piqued my interest.
We have seen some huge success with video game adaptations recently, of course, like Prime Video's Fallout or HBO's The Last of Us, so we can only hope that second time's a charm when it comes to Assassin's Creed.
What do we know about Netflix's Assassin's Creed?The Assassin's Creed movie was a critical flop. (Image credit: New Regency Productions)At the time of writing, we don't know much. Netflix hasn't released a trailer or a cast list, but they have confirmed who is leading the project.
Emmy nominees Roberto Patino (Westworld) and David Wiener (Halo) will serve as creators, showrunners, and executive producers on the Assassin's Creed series. Given their work on some big shows, this does fill me with hope.
The Halo video game to screen adaptation scored a healthy 80% on Rotten Tomatoes, making it worthy of a spot on our best Paramount+ shows, so that's a positive start.
In terms of plot, all we have so far is a statement from Tudum which reads: "Assassin’s Creed is a high-octane thriller centered on the secret war between two shadowy factions — one set on determining mankind’s future through control and manipulation, while the other fights to preserve free will."
It adds: “The series follows its characters across pivotal historical events as they battle to shape humanity’s destiny.”
That isn't a lot to go off, and fans of the video games already know the universe well, so it will be interesting to see how far it sticks with or deviates from the source material.
Either way, I'm excited to give this one a go and pray it will one day be added to our best Netflix shows list.
You might also like- I watched Brick on Netflix so you don’t have to – here’s a far superior sci-fi thriller I recommend streaming instead
- Stranger Things first aired 9 years ago today but who cares? Netflix has made us wait too long for season 5
- Squid Game: The Challenge season 3 is a win for Netflix, but one unhinged game from the K-drama can’t be replicated